{ "id": "c7deb907-2c2a-4edb-b99c-a15e0cac7c81", "created_at": "2026-04-06T00:11:11.145226Z", "updated_at": "2026-04-10T03:33:49.442074Z", "deleted_at": null, "sha1_hash": "727a6e9cef3e3580030e707436369bc0d643a428", "title": "FinFisher", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 209237, "plain_text": "FinFisher\r\nBy Contributors to Wikimedia projects\r\nPublished: 2011-11-28 · Archived: 2026-04-05 12:52:47 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nSuspected FinFisher government users that were active at some point in 2015.\r\nFinFisher, also known as FinSpy,\r\n[1]\r\n is surveillance software marketed by Lench IT Solutions plc, which markets\r\nthe spyware through law enforcement channels.[1]\r\nFinFisher can be covertly installed on targets' computers by exploiting security lapses in the update procedures of\r\nnon-suspect software.[2][3][4] The company has been criticized by human rights organizations for selling these\r\ncapabilities to repressive or non-democratic states known for monitoring and imprisoning political dissidents.[5]\r\nEgyptian dissidents who ransacked the offices of Egypt's secret police following the overthrow of Egyptian\r\nPresident Hosni Mubarak reported that they had discovered a contract with Gamma International for €287,000 for\r\na license to run the FinFisher software.[6] In 2014, an American citizen sued the Ethiopian government for\r\nsurreptitiously installing FinSpy onto his computer in America and using it to wiretap his private Skype calls and\r\nmonitor his entire family's every use of the computer for a period of months.[7][8]\r\nLench IT Solutions plc has a UK-based branch, Gamma International Ltd in Andover, England, and a Germany-based branch, Gamma International GmbH in Munich.\r\n[9][10]\r\n Gamma International is a subsidiary of the Gamma\r\nGroup, specializing in surveillance and monitoring, including equipment, software, and training services.[9] It was\r\nreportedly owned by William Louthean Nelson through a shell corporation in the British Virgin Islands.\r\n[11]\r\n The\r\nshell corporation was signed by a nominee director in order to withhold the identity of the ultimate beneficiary,\r\nwhich was Nelson, a common system for companies that are established offshore.[12]\r\nOn August 6, 2014, FinFisher source code, pricing, support history, and other related data were leaked after the\r\nGamma International internal network was hacked by Phineas Fisher.\r\n[13]\r\nThe FinFisher GmbH opened insolvency proceedings at the Munich Local Court on 02.12.2021,[14] however this\r\nis only a restructuring and the company is to continue as Vilicius Holding GmbH.[15]\r\nElements of the FinFisher suite\r\nhttps://en.wikipedia.org/wiki/FinFisher\r\nPage 1 of 7\n\n[edit]\r\nIn addition to spyware, the FinFisher suite offered by Gamma to the intelligence community includes monitoring\r\nof ongoing developments and updating of solutions and techniques which complement those developed by\r\nintelligence agencies.[16] The software suite, which the company calls \"Remote Monitoring and Deployment\r\nSolutions\", has the ability to take control of target computers and to capture even encrypted data and\r\ncommunications. Using \"enhanced remote deployment methods\" it can install software on target computers.[17]\r\nAn \"IT Intrusion Training Program\" is offered which includes training in methods and techniques and in the use of\r\nthe company-supplied software.[18]\r\nThe suite is marketed in Arabic, English, German, French, Portuguese, and Russian and offered worldwide at\r\ntrade shows offering an intelligence support system, ISS, training, and products to law enforcement and\r\nintelligence agencies.[19]\r\nMethod of infection\r\n[edit]\r\nFinFisher malware is installed in various ways, including fake software updates, emails with fake attachments,\r\nand security flaws in popular software. Sometimes the surveillance suite is installed after the target accepts\r\ninstallation of a fake update to commonly used software.[2] Code which will install the malware has also been\r\ndetected in emails.[20] The software, which is designed to evade detection by antivirus software, has versions\r\nwhich work on mobile phones of all major brands.[1]\r\nA security flaw in Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to\r\ninstall unauthorized programs.[3][4] Gamma International offered presentations to government security officials at\r\nsecurity software trade shows where they described how to covertly install the FinFisher spy software on suspects'\r\ncomputers using iTunes' update procedures.\r\nThe security flaw in iTunes that FinFisher is reported to have exploited was first described in 2008 by security\r\nsoftware commentator Brian Krebs.\r\n[3][4][21]\r\n Apple did not patch the security flaw for more than three years, until\r\nNovember 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch.\r\nPromotional videos used by the firm at trade shows which illustrate how to infect a computer with the surveillance\r\nsuite were released by WikiLeaks in December 2011.[10]\r\nIn 2014, the Ethiopian government was found to have installed FinSpy on the computer of an American citizen via\r\na fake email attachment that appeared to be a Microsoft Word document.\r\n[7]\r\nFinFisher has also been found to engage in politically motivated targeting. In Ethiopia, for instance, photos of a\r\npolitical opposition group are used to \"bait\" and infect users.[5][dead link]\r\nTechnical analysis of the malware, methods of infection and its persistence techniques has been published in Code\r\nAnd Security blog in four parts.[22]\r\nhttps://en.wikipedia.org/wiki/FinFisher\r\nPage 2 of 7\n\nUse by repressive regimes\r\n[edit]\r\nFinFisher's wide use by governments facing political resistance was reported in March 2011 after Egyptian\r\nprotesters raided State Security Investigations Service and found letters from Gamma International UK\r\nLtd., confirming that SSI had been using a trial version for five months.[23]\r\nA similar report in August 2012 concerned e-mails received by Bahraini activists and passed on (via a\r\nBloomberg News reporter) to University of Toronto computer researchers Bill Marczak and Morgan\r\nMarquis-Boire in May 2012. Analysis of the e-mails revealed code (FinSpy) designed to install spyware on\r\nthe recipient's computer.\r\n[1][20]\r\n A spokesman for Gamma claims no software was sold to Bahrain and that\r\nthe software detected by the researchers was not a legitimate copy but perhaps a stolen, reverse-engineered\r\nor modified demonstration copy.\r\n[24]\r\n In August 2014 Bahrain Watch claimed that the leak of FinFisher data\r\ncontained evidence suggesting that the Bahraini government was using the software to spy on opposition\r\nfigures, highlighting communications between Gamma International support staff and a customer in\r\nBahrain, and identifying a number of human rights lawyers, politicians, activists and journalists who had\r\napparently been targeted.[25]\r\nAccording to a document dated 7 December 2012 from the Federal Ministry of the Interior to members of\r\nthe Finance Committee of the German Parliament, the German \"Bundesnachrichtendienst\", the Federal\r\nSurveillance Agency, have licensed FinFisher/FinSpy, even though its legality in Germany is uncertain.[26]\r\nIn 2014, an America citizen sued the Ethiopian government for installing and using FinSpy to record a vast\r\narray of activities conducted by users of the machine, all whilst in America. Traces of the spyware\r\ninadvertently left on his computer show that information – including recordings of dozens of Skype phone\r\ncalls – was surreptitiously sent to a secret control server located in Ethiopia and controlled by the Ethiopian\r\ngovernment. FinSpy was downloaded on the plaintiff's computer when he opened an email with a\r\nMicrosoft Word document attached. The attachment contained hidden malware that infected his computer.\r\n[7]\r\n In March 2017, the United States Court of Appeals for the District of Columbia Circuit found that the\r\nEthiopian government's conduct was protected from liability by the Foreign Sovereign Immunities Act.\r\n[27]\r\n[28]\r\nIn 2015, FinFisher was reported to have been in use since 2012 for the 'Fungua Macho' surveillance\r\nprogramme of Uganda's President Museveni, spying upon the Ugandan opposition party, the Forum for\r\nDemocratic Change.\r\n[29]\r\nIn 2015 it is reported that FinFisher executives sold, illegally, the system to Turkey to enable their security\r\nservices to spy on government opposition parties. Four former executives were charged in 2023 in Munich\r\nwith failure to apply for an export licence for the $5.4 million contract.[30]\r\nReporters Without Borders\r\n[edit]\r\nOn 12 March 2013 Reporters Without Borders named Gamma International as one of five \"Corporate Enemies of\r\nthe Internet\" and “digital era mercenaries” for selling products that have been or are being used by governments to\r\nhttps://en.wikipedia.org/wiki/FinFisher\r\nPage 3 of 7\n\nviolate human rights and freedom of information. FinFisher technology was used in Bahrain and Reporters\r\nWithout Borders, together with Privacy International, the European Center for Constitutional and Human Rights\r\n(ECCHR), the Bahrain Centre for Human Rights, and Bahrain Watch filed an Organisation for Economic Co-operation and Development (OECD) complaint, asking the National Contact Point in the United Kingdom to\r\nfurther investigate Gamma's possible involvement in Bahrain. Since then research has shown that FinFisher\r\ntechnology was used in Australia, Austria, Bahrain, Bangladesh, Britain, Brunei, Bulgaria, Canada, the Czech\r\nRepublic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, North Macedonia,\r\nMalaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South\r\nAfrica, Turkey, Turkmenistan, the United Arab Emirates, the United States, Venezuela and Vietnam.[9][10][31][32]\r\n[33]\r\nFirefox masquerading\r\n[edit]\r\nFinFisher is capable of masquerading as other more legitimate programs, such as Mozilla Firefox. On April 30,\r\n2013, Mozilla announced that they had sent Gamma a cease-and-desist letter for trademark infringement.[34]\r\nGamma had created an espionage program that was entitled firefox.exe and even provided a version number and\r\ntrademark to appear to be legitimate Firefox software.[35]\r\nIn an article of PC Magazine, Bill Marczak (member of Bahrain Watch and computer science PhD student at\r\nUniversity of California, Berkeley doing research into FinFisher) said of FinSpy Mobile (Gamma's mobile\r\nspyware): \"As we saw with respect to the desktop version of FinFisher, antivirus alone isn't enough, as it bypassed\r\nantivirus scans\".[36] The article's author Sara Yin, an analyst at PC Magazine, predicted that antivirus providers\r\nare likely to have updated their signatures to detect FinSpy Mobile.[36]\r\nAccording to announcements from ESET, FinFisher and FinSpy are detected by ESET antivirus software as\r\n\"Win32/Belesak.D\" trojan.\r\n[37][38]\r\nOther security vendors claim that their products will block any spyware they know about and can detect\r\n(regardless of who may have launched it), and Eugene Kaspersky, head of IT security company Kaspersky Lab,\r\nstated, \"We detect all malware regardless its purpose and origin\".[39] Two years after that statement by Eugene\r\nKaspersky in 2012 a description of the technique used by FinFisher to evade Kaspersky protection was published\r\nin Part 2 of the relevant blog at Code And Security.\r\nFinFisher has also made headlines in the past because its products were found to be used by authoritarian regimes\r\nagainst opponents in several Middle Eastern countries.[40]\r\nComputer and Internet Protocol Address Verifier (CIPAV)\r\nDuqu\r\nFlame (malware)\r\nHacking Team\r\nMahdi (malware)\r\nMiniPanzer and MegaPanzer\r\nhttps://en.wikipedia.org/wiki/FinFisher\r\nPage 4 of 7\n\nNSA ANT catalog\r\nR2D2 (trojan)\r\nStuxnet\r\nTailored Access Operations\r\n1. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n Nicole Perlroth (August 30, 2012). \"Software Meant to Fight Crime Is Used to Spy on\r\nDissidents\". The New York Times. Archived from the original on August 31, 2012. Retrieved August 31,\r\n2012.\r\n2. ^ Jump up to: a\r\n \r\nb\r\n Jennifer Valentino-Devries (2011-11-21). \"Surveillance Company Says It Sent Fake\r\niTunes, Flash Updates\". The Wall Street Journal. Archived from the original on 2011-11-30. Retrieved\r\n2011-11-28. “Perhaps the most extensive marketing materials came from Gamma's FinFisher brand, which\r\nsays it works by \"sending fake software updates for popular software,\" from Apple, Adobe and others. The\r\nFinFisher documentation included brochures in several languages, as well as videos touting the tools.”\r\n3. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Christopher Williams (2011-11-24). \"Apple iTunes flaw 'allowed government spying for\r\n3 years'\". The Daily Telegraph. Archived from the original on 2011-11-27. Retrieved 2011-11-28. “A\r\nBritish company called Gamma International marketed hacking software to governments that exploited the\r\nvulnerability via a bogus update to iTunes, Apple's media player, which is installed on more than 250\r\nmillion machines worldwide.”\r\n4. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Marcel Rosenbach (2011-11-22). \"Firm Sought to Install Spyware Via Faked iTunes\r\nUpdates\". Der Spiegel. Archived from the original on 2011-11-27. Retrieved 2011-11-28. “Apparently, at\r\nleast according to a video promoting FinFisher, the software uses Apple's popular iTunes in order to load\r\nsnooping software onto the computers of the intended suspects.”\r\n5. ^ Jump up to: a\r\n \r\nb\r\n Marquis-Boire, Morgan (13 March 2013). \"You Only Click Twice: FinFisher's Global\r\nProliferation\". University of Toronto Citizen Lab. Archived from the original on 9 August 2014. Retrieved 3\r\nAugust 2014.\r\n6. ^ John Leyden (2011-09-21). \"UK firm denies supplying spyware to Mubarak's secret police: RATs nest\r\nfound in Egyptian spook HQ\". The Register. Archived from the original on 2011-11-27. Retrieved 2011-11-\r\n28. “Documents uncovered when the country's security service headquarters were ransacked during the\r\nArab Spring uprising suggest that Egypt had purchased a package called FinFisher to spy on dissidents.”\r\n7. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Kopfstein, Janus (March 10, 2014). \"Hackers Without Borders\". The Washington Post.\r\nArchived from the original on August 26, 2014. Retrieved August 24, 2014.\r\n8. ^ \"American Sues Ethiopian Government for Spyware Infection\". Electronic Frontier Foundation.\r\nFebruary 18, 2014. Archived from the original on 2014-10-03. Retrieved 2014-08-24.\r\n9. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \"Corporate Enemies: Gamma International\" Archived 2013-03-16 at the Wayback\r\nMachine, The Enemies of the Internet, Special Edition: Surveillance, Reporters Without Borders, 12 March\r\n2013.\r\n10. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Vernon Silver (July 25, 2012). \"Cyber Attacks on Activists Traced to FinFisher Spyware\r\nof Gamma\". Bloomberg. Archived from the original on August 10, 2012. Retrieved August 31, 2012.\r\n11. ^ \"Offshore company directors' links to military and intelligence revealed\". the Guardian. 2012-11-28.\r\nRetrieved 2022-03-28.\r\n12. ^ \"The 2014 FinFisher Leaks were a precursor to both Vault 7 and Panama Papers\".\r\nwikileaksdecrypted.com. Archived from the original on 2017-03-28. Retrieved 2017-03-27.\r\nhttps://en.wikipedia.org/wiki/FinFisher\r\nPage 5 of 7\n\n13. ^ Andre Meister (August 6, 2014). \"Gamma FinFisher hacked: 40 GB of internal documents and source\r\ncode of government malware published\". Netzpolitik.org. Archived from the original on August 6, 2014.\r\nRetrieved August 6, 2014.\r\n14. ^ \"Unternehmensregister\". www.unternehmensregister.de. Archived from the original on 2021-12-10.\r\nRetrieved 2021-12-10. \"Unternehmensregister\". Archived from the original on 2021-12-10. Retrieved\r\n2021-12-10.\r\n15. ^ \"Spyware Finfisher nach Namenswechsel bei neuer Holding Vilicius\". heise online (in German). 10\r\nDecember 2021. Archived from the original on 2021-12-11. Retrieved 2021-12-11.\r\n16. ^ \"Portfolio\". FinFisher IT Intrusion. Gamma Group. Archived from the original on May 8, 2012.\r\nRetrieved August 31, 2012. “Gamma addresses ongoing developments in the IT Intrusion field with\r\nsolutions to enhance the capabilities of our clients. Easy to use high-end solutions and techniques\r\ncomplement the intelligence community's knowhow enabling it to address relevant Intrusion challenges on\r\na tactical level.” \"FinFisher IT Intrusion :: Portfolio\". Archived from the original on May 8, 2012.\r\nRetrieved August 31, 2012.\r\n17. ^ \"Portfolio\". FinFisher IT Intrusion. Gamma Group. Archived from the original on May 8, 2012.\r\nRetrieved August 31, 2012. “The Remote Monitoring and Deployment Solutions are used to access target\r\nSystems to give full access to stored information with the ability to take control of target systems' functions\r\nto the point of capturing encrypted data and communications. When used in combination with enhanced\r\nremote deployment methods, the Government Agencies will have the capability to remotely deploy software\r\non target systems.” \"FinFisher IT Intrusion :: Portfolio\". Archived from the original on May 8, 2012.\r\nRetrieved August 31, 2012.\r\n18. ^ \"Portfolio\". FinFisher IT Intrusion. Gamma Group. Archived from the original on May 8, 2012.\r\nRetrieved August 31, 2012. “The IT Intrusion Training Program includes courses on both, products\r\nsupplied as well as practical IT Intrusion methods and techniques. This program transfers years of\r\nknowledge and experience to endusers, thus maximizing their capabilities in this field.” \"FinFisher IT\r\nIntrusion :: Portfolio\". Archived from the original on May 8, 2012. Retrieved August 31, 2012.\r\n19. ^ \"News\". Gamma Group. Archived from the original on October 4, 2012. Retrieved August 31, 2012.\r\n\"FinFisher IT Intrusion :: News\". Archived from the original on October 4, 2012. Retrieved August 31,\r\n2012.\r\n20. ^ Jump up to: a\r\n \r\nb\r\n Nicole Perlroth (August 13, 2012). \"Elusive FinSpy Spyware Pops Up in 10 Countries\"\r\n(blog by reporter). The New York Times. Archived from the original on August 18, 2012. Retrieved August\r\n31, 2012.\r\n21. ^ Brian Krebs (2011-11-23). \"Apple Took 3+ Years to Fix FinFisher Trojan Hole\". Krebs on Security.\r\nArchived from the original on 2011-11-26. Retrieved 2011-11-28. “I first wrote about this vulnerability for\r\nThe Washington Post in July 2008, after interviewing Argentinian security researcher Francisco Amato\r\nabout \"Evilgrade,\" a devious new penetration testing tool he had developed.”\r\n22. ^ Coding and Security (2014-09-19). \"FinFisher Malware Analysis and Technical Write-up\". Coding and\r\nSecurity. Archived from the original on 2016-03-06. Retrieved 2014-09-19. “Detailed analysis of all\r\ncomponents of FinFisher malware”\r\n23. ^ \"Restrictions on freedom of communication\". shorouknews.com (in Arabic). Sunrise Gateway. Archived\r\nfrom the original on 25 March 2014. Retrieved 25 March 2014.\r\nhttps://en.wikipedia.org/wiki/FinFisher\r\nPage 6 of 7\n\n24. ^ Vernon Silver (July 27, 2012). \"Gamma Says No Spyware Sold to Bahrain; May Be Stolen Copy\".\r\nBloomberg News. Archived from the original on July 31, 2012. Retrieved August 31, 2012.\r\n25. ^ Desmukh, Fahad (7 August 2014). \"Bahrain Government Hacked Lawyers and Activists with UK\r\nSpyware\". Bahrain Watch. Archived from the original on 15 August 2014. Retrieved 22 August 2014.\r\n26. ^ Andre Meister (16 January 2013). \"Secret Government Document Reveals: German Federal Police\r\nPlans To Use Gamma FinFisher Spyware\". Netzpolitik.org. Archived from the original on 28 July 2013.\r\nRetrieved 19 July 2013.\r\n27. ^ Note, Recent Case: D.C. Circuit Finds Ethiopia Immune in Hacking Suit, 131 Harv. L. Rev. 1179 (2018).\r\n28. ^ Doe v. Federal Democratic Republic of Ethiopia, 851 F.3d 7 (D.C. Cir. 2017), archived from the original.\r\n29. ^ Nick Hopkins; Jake Morris (15 October 2015). \"UK firm's surveillance kit 'used to crush Uganda\r\nopposition'\". BBC News Online. Archived from the original on 22 August 2018. Retrieved 21 June 2018.\r\n30. ^ \"Germany charges four for selling spyware to Turkey\". 22 May 2023. Archived from the original on 23\r\nMay 2023. Retrieved 23 May 2023.\r\n31. ^ \"FinFisher Mobile Spyware Tracking Political Activists\" Archived 2013-05-17 at the Wayback Machine,\r\nMathew J. Schwartz, Information Week, 31 August 2012\r\n32. ^ \"Researchers Find 25 Countries Using Surveillance Software\" Archived 2013-03-14 at the Wayback\r\nMachine, Nicole Perlroth, The New York Times, 15 March 2013\r\n33. ^ \"For Their Eyes Only: The Commercialization of Digital Spying\" Archived 2013-05-04 at the Wayback\r\nMachine, Morgan Marquis-Boire with Bill Marczak, Claudio Guarnieri, and John Scott-Railton, Citizen\r\nLab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto,\r\n1 May 2013\r\n34. ^ \"Protecting our brand from a global spyware provider\" Archived 2013-05-02 at the Wayback Machine,\r\nMozilla Foundation, April 30, 2013\r\n35. ^ \"June, Daniel, \"Mozilla Fights Against Spyware Company and its Exploits\"\". May 2013. Archived from\r\nthe original on 2013-07-03. Retrieved 2013-05-08.\r\n36. ^ Jump up to: a\r\n \r\nb\r\n Sara Yin (August 30, 2012). \"Lessons Learnt From FinFisher Mobile Spyware\". PC\r\nMagazine. Archived from the original on September 3, 2012. Retrieved September 3, 2012.\r\n37. ^ Cameron Camp (August 31, 2012). \"FinSpy and FinFisher spy on you via your cellphone and PC, for\r\ngood or evil?\". WeLiveSecurity. Archived from the original on October 5, 2017. Retrieved July 25, 2017.\r\n38. ^ David Harley (August 31, 2012). \"Finfisher and the Ethics of Detection\". WeLiveSecurity. Archived from\r\nthe original on December 22, 2017. Retrieved July 25, 2017.\r\n39. ^ Mathew J. Schwartz (August 31, 2012). \"FinFisher Mobile Spyware Tracking Political Activists\".\r\nInformation Week. Archived from the original on October 13, 2013. Retrieved September 3, 2012.\r\n40. ^ \"German prosecutors investigate spyware maker FinFisher | DW | 05.09.2019\". Dawn. September 5,\r\n2019. Archived from the original on September 6, 2019. Retrieved September 5, 2019.\r\n Media related to FinFisher at Wikimedia Commons\r\nOfficial website\r\nSource: https://en.wikipedia.org/wiki/FinFisher\r\nhttps://en.wikipedia.org/wiki/FinFisher\r\nPage 7 of 7\n\nStuxnet Tailored Access Operations \n1. ^ Jump up to: a b c d Nicole Perlroth (August 30, 2012). \"Software Meant to Fight Crime Is Used to Spy on\nDissidents\". The New York Times. Archived from the original on August 31, 2012. Retrieved August 31,\n2012. \n2. ^ Jump up to: a b Jennifer Valentino-Devries (2011-11-21). \"Surveillance Company Says It Sent Fake\niTunes, Flash Updates\". The Wall Street Journal. Archived from the original on 2011-11-30. Retrieved \n2011-11-28. “Perhaps the most extensive marketing materials came from Gamma's FinFisher brand, which\nsays it works by \"sending fake software updates for popular software,\" from Apple, Adobe and others. The\nFinFisher documentation included brochures in several languages, as well as videos touting the tools.”\n3. ^ Jump up to: a b c Christopher Williams (2011-11-24). \"Apple iTunes flaw 'allowed government spying for\n3 years'\". The Daily Telegraph. Archived from the original on 2011-11-27. Retrieved 2011-11-28. “A\nBritish company called Gamma International marketed hacking software to governments that exploited the\nvulnerability via a bogus update to iTunes, Apple's media player, which is installed on more than 250\nmillion machines worldwide.” \n4. ^ Jump up to: a b c Marcel Rosenbach (2011-11-22). \"Firm Sought to Install Spyware Via Faked iTunes\nUpdates\". Der Spiegel. Archived from the original on 2011-11-27. Retrieved 2011-11-28. “Apparently, at\nleast according to a video promoting FinFisher, the software uses Apple's popular iTunes in order to load\nsnooping software onto the computers of the intended suspects.” \n5. ^ Jump up to: a b Marquis-Boire, Morgan (13 March 2013). \"You Only Click Twice: FinFisher's Global\nProliferation\". University of Toronto Citizen Lab. Archived from the original on 9 August 2014. Retrieved 3\nAugust 2014. \n6. ^ John Leyden (2011-09-21). \"UK firm denies supplying spyware to Mubarak's secret police: RATs nest\nfound in Egyptian spook HQ\". The Register. Archived from the original on 2011-11-27. Retrieved 2011-11-\n28. “Documents uncovered when the country's security service headquarters were ransacked during the\nArab Spring uprising suggest that Egypt had purchased a package called FinFisher to spy on dissidents.”\n7. ^ Jump up to: a b c Kopfstein, Janus (March 10, 2014). \"Hackers Without Borders\". The Washington Post.\nArchived from the original on August 26, 2014. Retrieved August 24, 2014. \n8. ^ \"American Sues Ethiopian Government for Spyware Infection\". Electronic Frontier Foundation. \nFebruary 18, 2014. Archived from the original on 2014-10-03. Retrieved 2014-08-24. \n9. ^ Jump up to: a b c \"Corporate Enemies: Gamma International\" Archived 2013-03-16 at the Wayback \nMachine, The Enemies of the Internet, Special Edition: Surveillance, Reporters Without Borders, 12 March\n2013. \n10. ^ Jump up to: a b c Vernon Silver (July 25, 2012). \"Cyber Attacks on Activists Traced to FinFisher Spyware\nof Gamma\". Bloomberg. Archived from the original on August 10, 2012. Retrieved August 31, 2012.\n11. ^ \"Offshore company directors' links to military and intelligence revealed\". the Guardian. 2012-11-28. \nRetrieved 2022-03-28. \n12. ^ \"The 2014 FinFisher Leaks were a precursor to both Vault 7 and Panama Papers\". \nwikileaksdecrypted.com. Archived from the original on 2017-03-28. Retrieved 2017-03-27. \n Page 5 of 7 \n\n https://en.wikipedia.org/wiki/FinFisher \n13. ^ Andre Meister (August 6, 2014). \"Gamma FinFisher hacked: 40 GB of internal documents and source\ncode of government malware published\". Netzpolitik.org. Archived from the original on August 6, 2014.\nRetrieved August 6, 2014. \n14. ^ \"Unternehmensregister\". www.unternehmensregister.de. Archived from the original on 2021-12-10. \nRetrieved 2021-12-10. \"Unternehmensregister\". Archived from the original on 2021-12-10. Retrieved\n2021-12-10. \n15. ^ \"Spyware Finfisher nach Namenswechsel bei neuer Holding Vilicius\". heise online (in German). 10\nDecember 2021. Archived from the original on 2021-12-11. Retrieved 2021-12-11. \n16. ^ \"Portfolio\". FinFisher IT Intrusion. Gamma Group. Archived from the original on May 8, 2012.\nRetrieved August 31, 2012. “Gamma addresses ongoing developments in the IT Intrusion field with\nsolutions to enhance the capabilities of our clients. Easy to use high-end solutions and techniques \ncomplement the intelligence community's knowhow enabling it to address relevant Intrusion challenges on\na tactical level.” \"FinFisher IT Intrusion :: Portfolio\". Archived from the original on May 8, 2012.\nRetrieved August 31, 2012. \n17. ^ \"Portfolio\". FinFisher IT Intrusion. Gamma Group. Archived from the original on May 8, 2012.\nRetrieved August 31, 2012. “The Remote Monitoring and Deployment Solutions are used to access target\nSystems to give full access to stored information with the ability to take control of target systems' functions\nto the point of capturing encrypted data and communications. When used in combination with enhanced\nremote deployment methods, the Government Agencies will have the capability to remotely deploy software\non target systems.” \"FinFisher IT Intrusion :: Portfolio\". Archived from the original on May 8, 2012.\nRetrieved August 31, 2012. \n18. ^ \"Portfolio\". FinFisher IT Intrusion. Gamma Group. Archived from the original on May 8, 2012.\nRetrieved August 31, 2012. “The IT Intrusion Training Program includes courses on both, products \nsupplied as well as practical IT Intrusion methods and techniques. This program transfers years of\nknowledge and experience to endusers, thus maximizing their capabilities in this field.” \"FinFisher IT\nIntrusion :: Portfolio\". Archived from the original on May 8, 2012. Retrieved August 31, 2012. \n19. ^ \"News\". Gamma Group. Archived from the original on October 4, 2012. Retrieved August 31, 2012.\n\"FinFisher IT Intrusion :: News\". Archived from the original on October 4, 2012. Retrieved August 31,\n2012. \n20. ^ Jump up to: a b Nicole Perlroth (August 13, 2012). \"Elusive FinSpy Spyware Pops Up in 10 Countries\"\n(blog by reporter). The New York Times. Archived from the original on August 18, 2012. Retrieved August\n31, 2012. \n21. ^ Brian Krebs (2011-11-23). \"Apple Took 3+ Years to Fix FinFisher Trojan Hole\". Krebs on Security.\nArchived from the original on 2011-11-26. Retrieved 2011-11-28. “I first wrote about this vulnerability for\nThe Washington Post in July 2008, after interviewing Argentinian security researcher Francisco Amato\nabout \"Evilgrade,\" a devious new penetration testing tool he had developed.” \n22. ^ Coding and Security (2014-09-19). \"FinFisher Malware Analysis and Technical Write-up\". Coding and\nSecurity. Archived from the original on 2016-03-06. Retrieved 2014-09-19. “Detailed analysis of all\ncomponents of FinFisher malware” \n23. ^ \"Restrictions on freedom of communication\". shorouknews.com (in Arabic). Sunrise Gateway. Archived\nfrom the original on 25 March 2014. Retrieved 25 March 2014. \n Page 6 of 7 \n\n24. ^ Vernon Silver (July 27, 2012). \"Gamma https://en.wikipedia.org/wiki/FinFisher Says No Spyware Sold to Bahrain; May Be Stolen Copy\".\nBloomberg News. Archived from the original on July 31, 2012. Retrieved August 31, 2012. \n25. ^ Desmukh, Fahad (7 August 2014). \"Bahrain Government Hacked Lawyers and Activists with UK\nSpyware\". Bahrain Watch. Archived from the original on 15 August 2014. Retrieved 22 August 2014.\n26. ^ Andre Meister (16 January 2013). \"Secret Government Document Reveals: German Federal Police\nPlans To Use Gamma FinFisher Spyware\". Netzpolitik.org. Archived from the original on 28 July 2013.\nRetrieved 19 July 2013. \n27. ^ Note, Recent Case: D.C. Circuit Finds Ethiopia Immune in Hacking Suit, 131 Harv. L. Rev. 1179 (2018).\n28. ^ Doe v. Federal Democratic Republic of Ethiopia, 851 F.3d 7 (D.C. Cir. 2017), archived from the original.\n29. ^ Nick Hopkins; Jake Morris (15 October 2015). \"UK firm's surveillance kit 'used to crush Uganda\nopposition'\". BBC News Online. Archived from the original on 22 August 2018. Retrieved 21 June 2018.\n30. ^ \"Germany charges four for selling spyware to Turkey\". 22 May 2023. Archived from the original on 23\nMay 2023. Retrieved 23 May 2023. \n31. ^ \"FinFisher Mobile Spyware Tracking Political Activists\" Archived 2013-05-17 at the Wayback Machine,\nMathew J. Schwartz, Information Week, 31 August 2012 \n32. ^ \"Researchers Find 25 Countries Using Surveillance Software\" Archived 2013-03-14 at the Wayback\nMachine, Nicole Perlroth, The New York Times, 15 March 2013 \n33. ^ \"For Their Eyes Only: The Commercialization of Digital Spying\" Archived 2013-05-04 at the Wayback\nMachine, Morgan Marquis-Boire with Bill Marczak, Claudio Guarnieri, and John Scott-Railton, Citizen\nLab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto,\n1 May 2013 \n34. ^ \"Protecting our brand from a global spyware provider\" Archived 2013-05-02 at the Wayback Machine,\nMozilla Foundation, April 30, 2013 \n35. ^ \"June, Daniel, \"Mozilla Fights Against Spyware Company and its Exploits\"\". May 2013. Archived from\nthe original on 2013-07-03. Retrieved 2013-05-08. \n36. ^ Jump up to: a b Sara Yin (August 30, 2012). \"Lessons Learnt From FinFisher Mobile Spyware\". PC\nMagazine. Archived from the original on September 3, 2012. Retrieved September 3, 2012. \n37. ^ Cameron Camp (August 31, 2012). \"FinSpy and FinFisher spy on you via your cellphone and PC, for\ngood or evil?\". WeLiveSecurity. Archived from the original on October 5, 2017. Retrieved July 25, 2017.\n38. ^ David Harley (August 31, 2012). \"Finfisher and the Ethics of Detection\". WeLiveSecurity. Archived from\nthe original on December 22, 2017. Retrieved July 25, 2017. \n39. ^ Mathew J. Schwartz (August 31, 2012). \"FinFisher Mobile Spyware Tracking Political Activists\".\nInformation Week. Archived from the original on October 13, 2013. Retrieved September 3, 2012.\n40. ^ \"German prosecutors investigate spyware maker FinFisher | DW | 05.09.2019\". Dawn. September 5,\n2019. Archived from the original on September 6, 2019. Retrieved September 5, 2019. \nMedia related to FinFisher at Wikimedia Commons \nOfficial website \nSource: https://en.wikipedia.org/wiki/FinFisher \n Page 7 of 7", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://en.wikipedia.org/wiki/FinFisher" ], "report_names": [ "FinFisher" ], "threat_actors": [ { "id": "a3687241-9876-477b-aa13-a7c368ffda58", "created_at": "2022-10-25T16:07:24.496902Z", "updated_at": "2026-04-10T02:00:05.010744Z", "deleted_at": null, "main_name": "Hacking Team", "aliases": [], "source_name": "ETDA:Hacking Team", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "e90c06e4-e3e0-4f46-a3b5-17b84b31da62", "created_at": "2023-01-06T13:46:39.018236Z", "updated_at": "2026-04-10T02:00:03.183123Z", "deleted_at": null, "main_name": "Hacking Team", "aliases": [], "source_name": "MISPGALAXY:Hacking Team", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "b07fec96-80cd-4d92-aa52-a26a0b25b7c2", "created_at": "2022-10-25T16:07:23.826594Z", "updated_at": "2026-04-10T02:00:04.760416Z", "deleted_at": null, "main_name": "Madi", "aliases": [ "Mahdi" ], "source_name": "ETDA:Madi", "tools": [ "Madi" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434271, "ts_updated_at": 1775792029, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/727a6e9cef3e3580030e707436369bc0d643a428.pdf", "text": "https://archive.orkl.eu/727a6e9cef3e3580030e707436369bc0d643a428.txt", "img": "https://archive.orkl.eu/727a6e9cef3e3580030e707436369bc0d643a428.jpg" } }